Firewalls and other security devices typically enforce policies against network transmissions based on a set of rules. In some cases, the rules may be based on a source or destination IP address (e.g., denying access to a particular destination IP address). Unfortunately, defining such rules can be a tedious and error prone process.